The CTIME column of SYS.USER$ is the date and time the user was created. So this value does not help you.
I know of no way to determine the actual date and time the password was last changed. However, you can set up a profile for your users to expire passwords after a certain number of days. The EXPIRY_DATE column of DBA_USERS will show you when the password will expire next. To determine when the user changed their password last, simply subtract the password lifetime value from the expiration date.
This was first published in August 2007